A Trust Model for Web Services

Ph.D. Dissertation Progress Report
Candidate: Nelly A. Delessy, Advisor: Dr. E.B. Fernandez
Department of Computer Science and Engineering, Florida Atlantic University, Boca Raton, FL

Introduction

  • Dissertation’s goal: to develop a unified trust model for web services

    • Will indicate how it can be interfaced to existing access control models for web services

    • Will include trust management through trust policies, and dynamic aspects such as trust negotiation

    • Using UML and/or some mathematical formalism

Dissertation Progress

  • What has been done: Existing Web services Access Control Models:

    • Patterns for XACML and the application firewall (last semesters)

    • Patterns for the WS-* Family: WS-Security and WS-Policy

    • Methodology to compare standards: Included in the paper: “Using patterns to compare web services security products and standards”

  • This semester:

    • Inclusion of wireless aspects

  • Future work:

    • Develop the Trust model itself

[Figure: diagram relating access policies (Resource, action, context, effect) and trust policies; labels: credential types, trust level, assigned trust level, required trust level]

Dissertation Progress

  • Future work

    • Description of the interface between trust model and access control model for web services (Spring 2006 & Summer 2006)

Dissertation Progress

  • Future work

    • Define the static elements of the trust model formally (Fall 2006)

    • Develop the dynamic aspects of the trust model (Fall 2006)

    • Identify patterns from the model (Fall 2006)

    • Publish a Journal Paper from one of these steps


  • Web services are becoming important for user access to services that depend on location, and they are appearing in mobile devices.

  • The concept of dynamic access to web services, allied with the flexibility of wireless access, makes it possible to envisage a new type of application, where the mobility of the user supplies the application with context elements.

  • Examples in the field of disaster management, location services, advertising (service discovery), etc.


  • Gateway architecture

    • Used when portable devices are limited in memory and computational power,

    • and/or when the connection bandwidth and reliability of the wireless connection are limited.

    • An example of this compressed format: WML (equivalent of HTML in the WAP stack, available in many phones), or for basic scenarios such as the “push” of information, the gateway can transform SOAP messages into SMS, or voice.


  • Direct consumer architecture

    • Portable devices must have built-in implementations of the web services technologies (high-end market segment, now), e.g. smart phones, PDAs, and laptops.

    • Hardware and operating system security is an important issue in this configuration.

    • Because the device, which is now a consumer of web services, can run client applications from different providers, a strong level of security is needed, including some type of authorization system, such as a subset of XACML or WS-*.


  • Use of mobile agents

    • Approach is suggested in [Bel03b].

    • Proxies act on behalf of a client.

    • Rationale: using a web service can imply multiple passes between client, server and third parties (for security purposes, for example), while the wireless link is not reliable and the bandwidth can be limited.


  • Direct consumer architecture

    • The mobile device is a WS Provider

    • Ex.: to expose the user’s calendar or profile

    • Liberty PAOS (Reverse HTTP Binding for SOAP) enables the creation of personalized services

    • Privacy issues…

OMA OWSER

  • OMA: Open Mobile Alliance

  • OWSER: OMA Web Services Enabler

  • Addresses:

    • Transport security

    • SOAP message security

    • But not application security

  • Are working on providing profiling standards, such as Liberty Alliance, OCSP, WSDL wireless web services

OMA OWSER

  • To provide identity-based Web Services

    • They propose to use Liberty Alliance specs

    • Circle of Trust